
Anthropic 1P/00_Tutorial risks insecure API key usage #21

Open
@rgriff23


Issue

Notebook Anthropic 1P/00_Tutorial_How-To.ipynb asks users to enter their Anthropic API Key in a notebook cell.

This pattern comes with elevated risk that inexperienced users will accidentally commit their API key to a public repo.

Suggested change

Here is one way to encourage a safe pattern for managing API keys:

  1. In the README, instruct users to place their API key in a .env file.
  2. Modify each notebook to use python-dotenv to load the environment variables each time the notebook runs.

Details

  1. Add .env to .gitignore to ensure it isn't committed
  2. Add a .env_template file to the repo root which users can copy into a .env file. This can also include MODEL_NAME:

         ANTHROPIC_API_KEY=<your-api-key-here>
         MODEL_NAME=claude-3-haiku-20240307

  3. Add !pip install python-dotenv to all notebooks in Anthropic 1P/
  4. Add the following env setup code to the import section of all notebooks in Anthropic 1P/

         import os
         from dotenv import load_dotenv

         load_dotenv();

         API_KEY = os.getenv("ANTHROPIC_API_KEY")
         MODEL_NAME = os.getenv("MODEL_NAME")

  5. Update README.md to instruct users to create .env and add their API Key, e.g.

Copy .env_template to .env:

cp .env_template .env

Within .env, replace <your-api-key-here> with your Anthropic API key (no quotes or brackets are needed).

Note: .env is included in the .gitignore to avoid accidentally committing your API key. The notebooks in the tutorial use the python-dotenv library to load environment variables from .env in each notebook. Be sure to avoid printing and committing the actual API key inside your notebooks.
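
A check that complements the .gitignore advice above, added here as an example (it is not part of the original issue or of the repository): it scans notebook JSON, both cell sources and saved outputs, for key-like strings so it can run before a commit. The `sk-ant-` prefix pattern, the function names and the sample notebook are assumptions constructed for illustration.

```python
import json
import re
import sys

# Assumption: Anthropic keys begin with "sk-ant-"; the length bound is a heuristic.
KEY_RE = re.compile(r"sk-ant-[A-Za-z0-9_-]{20,}")

def _text(value):
    # nbformat stores cell source as either a string or a list of lines.
    return "".join(value) if isinstance(value, list) else (value or "")

def find_keys(notebook_json):
    """Return (cell_index, "source" | "output") for each key-like string found."""
    hits = []
    for i, cell in enumerate(json.loads(notebook_json).get("cells", [])):
        if KEY_RE.search(_text(cell.get("source"))):
            hits.append((i, "source"))
        # Serialising each output covers stream text, display data and tracebacks.
        if any(KEY_RE.search(json.dumps(o)) for o in cell.get("outputs", [])):
            hits.append((i, "output"))
    return hits

# Constructed sample: the key is a made-up placeholder, not a real credential.
FAKE_KEY = "sk-ant-" + "EXAMPLE0" * 4
SAMPLE_NOTEBOOK = json.dumps({"cells": [
    {"cell_type": "code", "source": ['API_KEY = "%s"\n' % FAKE_KEY], "outputs": []},
    {"cell_type": "code",
     "source": ["load_dotenv()\n", "print(os.getenv('ANTHROPIC_API_KEY'))"],
     "outputs": [{"output_type": "stream", "name": "stdout", "text": [FAKE_KEY + "\n"]}]},
    {"cell_type": "code", "source": ['API_KEY = os.getenv("ANTHROPIC_API_KEY")'], "outputs": []},
], "nbformat": 4, "nbformat_minor": 5})

def main(paths):
    """Scan each notebook path; return 1 if any key-like string is found, else 0."""
    bad = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for idx, where in find_keys(fh.read()):
                print(f"{path}: cell {idx} {where} contains a key-like string")
                bad = 1
    return bad

if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    print(find_keys(SAMPLE_NOTEBOOK))
```

The second sample cell shows why outputs need scanning too: the source only reads the environment variable, but the saved stdout still carries the key into the committed .ipynb file.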
